Project

General

Profile

Bug #7381

postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)

Added by Alicha CH almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
06/05/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks

Fixed In Version:

postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

References:

https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484

CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable

Fixed In Version:

postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

References:

https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485

CVE-2017-7486: pg_user_mappings view discloses foreign server passwords

Fixed In Version:

postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.5.7, postgresql 9.6.3

References:

https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486


Subtasks

Bug #7382: [3.6] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)ClosedNatanael Copa

Bug #7383: [3.5] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)ClosedNatanael Copa

Bug #7384: [3.4] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)ClosedNatanael Copa

Bug #7385: [3.3] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)ClosedNatanael Copa

History

#1 Updated by Leonardo Arena almost 2 years ago

  • Status changed from New to Resolved

#2 Updated by Alicha CH almost 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF